Domain-Based Phishing Attacks on the Rise

MarkMonitor reports that domain-based phishing attacks now represent 73% of all phishing scams.

Domain-based phishing scams are on the rise and consumers are easily fooled by fraudulent Web sites with recognizable domain names, according to findings from MarkMonitor's (San Francisco) AntiFraud Operations Center (AFOC).

MarkMonitor has been compiling information from 250 million e-mail inboxes of AOL, Yahoo and Earthlink customers and combining those results with its own research and data from the Anti-Phishing Working Group to come up with its statistics, says David Silver, VP of corporate strategy and products for MarkMonitor.

The AFOC found that domain-based phishing attacks now represent 73 percent of all attacks, up from 35 percent just 18 months ago.

The rise in domain-name phishing attacks stems from the fact that ISPs now have more intelligent filtering technologies that mark as spam any e-mails that don't contain legitimate-looking URLs, Silver says. Before, fraudsters would send e-mails containing links to random IP addresses, but now, more sophisticated fraudsters realize that links to URLs with legitimate-looking domain names are more likely to get by spam filters, he says. For instance, a fraudulent Web site with the domain name www.capitalonebanking.com is more likely to get by spam filters than something like 10.17.42.63/, he explains.

The impetus behind this rapid increase is illustrated in a recent independent study by several researchers from Harvard University and the University of California, Berkeley, titled "Why Phishing Works," which showed that 36 percent of participants rely primarily on the domain name, in addition to Web site content, to determine a site's legitimacy. It also found that participants were less suspicious of a Web site displaying a recognizable domain name than of one displaying a numerical IP address.

Defensive registering is the best defense against fraudsters, Silver says. "Many of our bank customers defensively register domain names," he adds. One bank has registered more than 5,000 domain names to ward off fraudsters.

Outside of defensive registering, there are other ways that organizations can protect themselves, or they can choose to outsource protection. To safeguard against domain-based attacks, MarkMonitor alerts organizations to newly registered domain names that seek to mimic their familiar brand names before the domains become operational.
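
An added example (not from MarkMonitor or the article) of the kind of screening described above: it triages a constructed feed of link targets and newly registered names for one brand, separating IP-literal links from names that embed or nearly match the brand. The brand token `capitalone`, its owned domain, and all feed entries other than the article's two examples are assumptions, and the registered-domain split is naive (no public suffix list).

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: brand token -> domains the brand owner controls.
BRANDS = {"capitalone": {"capitalone.com"}}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(link):
    """Lower-cased host of a URL or bare host name."""
    if "//" not in link:
        link = "//" + link
    return (urlsplit(link).hostname or "").lower()

def classify(link, max_distance=2):
    host = host_of(link)
    try:
        ipaddress.ip_address(host)
        return "ip-literal"            # the older style of phishing link
    except ValueError:
        pass
    labels = host.split(".")
    registered = ".".join(labels[-2:])  # naive: ignores multi-label suffixes
    name = labels[-2].replace("-", "") if len(labels) >= 2 else host
    for brand, owned in BRANDS.items():
        if registered in owned:
            return "owned"
        if brand in name:
            return "brand-embedded"     # brand plus extra words
        if edit_distance(name, brand) <= max_distance:
            return "near-miss"          # typo or character swap
    return "unrelated"

def triage(feed):
    """Return only the entries an analyst should review."""
    return {link: v for link in feed
            if (v := classify(link)) not in ("owned", "unrelated")}

# Constructed feed; the first two entries are the article's own examples.
FEED = ["www.capitalonebanking.com", "http://10.17.42.63/",
        "capitalone.com", "capita1one.com", "example.org"]
```

Calling `triage(FEED)` returns the three entries worth review; a production monitor would replace the two-label split with a public suffix list lookup.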

Once a bank discovers that a potential phisher has registered a domain name similar to the bank's own, it should immediately try to get the site taken off the Internet, either by buying out the owner or by trying to secure an administrative shutdown, Silver relates. Another defensive technique that MarkMonitor deploys for its customers is "dilution," whereby it populates the phisher's site with false and unusable information, making it worthless to potential buyers of phished information.

According to experts, banks should also utilize a broadcast strategy to alert customers to a phishing attack so that when a consumer clicks on the bogus Web site, he is instantly alerted by the ISP that the site is actually a phishing attempt.